Be more strict in style attribute filtering
| | |
|---|
| | | || ($src = $this->config['cid_map'][$this->config['base_url'].$match[2]])) { |
|---|
| | | $value .= ' url('.htmlspecialchars($src, ENT_QUOTES) . ')'; |
|---|
| | | } |
|---|
| | | else if (preg_match('/^(http|https|ftp):.*$/i', $match[2], $url)) { |
|---|
| | | else if (preg_match('!^(https?:)?//[a-z0-9/._+-]+$!i', $match[2], $url)) { |
|---|
| | | if ($this->config['allow_remote']) |
|---|
| | | $value .= ' url('.htmlspecialchars($url[0], ENT_QUOTES).')'; |
|---|
| | | else |
|---|
| | |
|---|
| | | <h1>2 test</h1> |
|---|
| | | <p><div> block</p> |
|---|
| | | <div style="font-style:italic">valid css</div> |
|---|
| | | <div style="color:red; background:url('//somedomain.com/somepath/somefile.png')"> |
|---|
| | | <div style="{ left:expression( alert('expression!') ) }"> |
|---|
| | | <div style="{ background:url( alert('URL!') ) }"> |
|---|
| | | |
|---|
| | | <h1>3 test</h1> |
|---|
| | | <p>Inject comment text</p> |
|---|
| | | <div style="{ left:exp/* */ression( alert('xss3') ) }"> |
|---|
| | | <div style="{ background:u/* */rl( alert('xssurl3') ) }"> |
|---|
| | | <div style=" background:u/* */rl( alert('xssurl3') ) "> |
|---|
| | | |
|---|
| | | <h1>4 test</h1> |
|---|
| | | <p>Using reverse solid to directe the codepoint</p> |
|---|
